spade89 Member Posts: 561 From: houston,tx Registered: 11-28-2006 |
hey people, for some reason lately i have been obssesed with encryption ,i am a big c++ fan and i thought i should start a thread where people could discuss encryption related stuff even if you don't know c++ i think encryption can be done in many languages so if you know anything related to encryption or if you don't and you want to spill it OUT... ^__^ ------------------ |
samw3 Member Posts: 542 From: Toccoa, GA, USA Registered: 08-15-2006 |
Here's what I know. There are two basic kinds of encryption Pre-shared key encryption where the 'key' to unlock the document has already been negotiated. The most uncrackable form of encryption falls loosly into this category. More about that in a minute. But first, for example, your xor encryption is a PSK encryption routine. It does a fine job of encrypting the data, but there is not a way to "transmit" the key secretly. Public key encryption, on the other hand, works like an unlocked padlock. You can hand someone the unlocked padlock(Public key) or even send it to them via an insecure courier and they can lock a box full of sensitive data with it. However, neither them nor anyone else can unlock the padlock.. only the recipient who has the key (Private key). The majority of these type algorithms use some big math using some big prime numbers to create a formula that is nearly impossible to factor without a lot of cpus and a lot of time. So, what's the uncrackable PSK method? Its called the OTP or One Time Pad. Supposedly, this is how quantum encryption would work. See http://en.wikipedia.org/wiki/Quantum_encryption if that piqued your curiosity. Also see: Once you've bent your brain on this.. Try information theory next God bless! ------------------ |
AndyGeers Member Posts: 45 From: London, UK Registered: 06-20-2005 |
Of course, the important thing about a good encryption algorithm is that the resulting output is statistically different (do I mean independent?) from the unencoded input. It's a well known fact that different letters of the alphabet occur more frequently than others (E being the most common). The simplest methods of encryption fall down because (if the text is long enough) you can just look for the most common letter and assume it's an E, then the second most letter and assume it's a... A? Anyway, you need slightly more sophisticated methods than that to crack XOR encryption, but I seem to recall that it's still fairly feasible, building on the same techniques. ------------------ |
|
samw3 Member Posts: 542 From: Toccoa, GA, USA Registered: 08-15-2006 |
Very true. That's why OTP is considered uncrackable since you are ciphering against a completely random stream of characters with no repeats of the key, which should eliminate any statistical spikes from the corpus. (I almost shouldn't say this, but) If you want to waste a LOT of time and are curious about statistically cracking cyphers check out the Kryptos--a sculpture located on the grounds of CIA Headquarters in Langley, Virginia. Installed in 1990, its thousands of characters contain encrypted messages, of which three have been solved (so far). Believe me, I spent way to much time tinkering with this. http://www.elonka.com/kryptos/ ------------------ |
|
spade89 Member Posts: 561 From: houston,tx Registered: 11-28-2006 |
hey, i heard about that kryptos thing outside cia on cnn weird i don't think a human could solve that one maybe a programme. anyways i have been reading up on cryptograhy materials on the net,and i am a bit confused . i don't see the difference between publik key encryption and the one i made(XOR), except the public key of course you need a key to encrypt and decrypt them both,what's the difference? on another topic if you know anything about cryptography can you tell me how much of math knowlege you need? i know the basic algebra linear equations...etc but i am not very good at math,how much is math needed in cryptography and how much knowlege of math do you think a programmer needs to know? ------------------ |
|
samw3 Member Posts: 542 From: Toccoa, GA, USA Registered: 08-15-2006 |
The difference is exactly that--the two keys (passwords). The public key is used to encrypt. The private key is used to decrypt. You cannot use the public key to decrypt and you cannot use the private key to encrypt. With public key you can freely transmit the public key (password) unencrypted over a very insecure channel and not worry about snoopers since they don't have the key to decrypt only to encrypt. And the final encrypted message can only be decrypted by the holder of the private key (password) which is never transmitted. The problem with your xor method or any other PSK for that matter is that you have to get the password to the other party securely. This is not a problem if you yourself are the two parties, but take the example of SSL. eCommerce sites want to encrypt your credit card data on checkout. But they don't know you from Adam. So, its not like they can call you on the phone and give you a password to encrypt the data. And even if they could someone might be tapping the phone line. They need a solution where the encryption key can be transmitted in the clear without compromising the final encrypted message. Public key encryption solves this problem. PSK encryption, on the other hand, tends to be a LOT stronger encryption. Its weakness though is the key negotiation. i.e. getting the password to the other party. Got it now? As for the math, the basic rules of public key encryption is based upon integer factorization which is the process of breaking down a non-prime number into smaller non-trivial divisors, which when multiplied together equal the original integer. You probably have learned about this in algebra. As of late, no polynomial-time method for factoring large integers on a classical computer has yet been found, but it has not been proven that none exists. So, the current methods of encryption exploit the very nature of numbers themselves in a mathematical science called number theory. See: http://en.wikipedia.org/wiki/Number_theory However, the heart of encryption still falls in the area of algorithm design more than math. So, knowing algebra is fine. Knowing how to read calculus is better as you can study existing algorithms. And understanding number theory will also help in understanding current algorithms. The holy grail of encryption is an algorithm where: ------------------ |
jestermax Member Posts: 1064 From: Ontario, Canada Registered: 06-21-2006 |
I haven't read all of the posts in this thread yet so forgive me if i'm redundant. Anyways, if you're looking for something fun, check out steganography. its an absolute blast to play with, even if thats all you'll end up doing with it. Live the Life |
|
spade89 Member Posts: 561 From: houston,tx Registered: 11-28-2006 |
thanks for explaining that samw3 ,now i think i get public/private key encryption ,though i need to study code for rsa ,blowfish.... jestermax: http://en.wikipedia.org/wiki/Steganography btw,do you think that the terrorists actually used this technique in 9/11? ------------------ |
|
jestermax Member Posts: 1064 From: Ontario, Canada Registered: 06-21-2006 |
well just think from a security standpoint; if i wanted to pass information on without anyone else even knowing its information then what would be the best way? if i send a standard encrypted message then you can tell it's encrypted, but if you send a picture, it could be anything! so i can't actually say what they would have used, but if it were me i would've done something like that. |
|
samw3 Member Posts: 542 From: Toccoa, GA, USA Registered: 08-15-2006 |
That would be a great tool for covert missionaries in restricted-access countries to send prayer requests home. I guess it would also be an equally evil tool of Al-Qaeda to coordinate terrorist attacks. ------------------ |
|
spade89 Member Posts: 561 From: houston,tx Registered: 11-28-2006 |
the power is amazing isn't it,i tried hiding the sourcecode for the example xor program in my last article(which is not being displayed by the ccn server)in the following picture and it worked .
the possibilities are endless. btw ,i used the software at http://www.securekit.com/ ,it is a 7 day trial software,does anyone know a free one? ------------------ [This message has been edited by spade89 (edited January 19, 2007).] |
|
jestermax Member Posts: 1064 From: Ontario, Canada Registered: 06-21-2006 |
actually the more dangerous ones are the homebrewed. then noone can be sure of t. he algorithm used. and on top of that you're not limited to well known images; you could use a personal digital camera shot (aka noone else has access to the original). Now the real fun: we've talked about terrorists using this, but try to thing of ways to counter this encryption... |
